1 A secure execution framework for Java

Manfred Hauswirth, Clemens Kerer, Roman Kurmanowytsch 
November 2000 Proceedings of the 7th ACM conference on Computer and
communications security
Publisher: ACM Press 




Keywords: Java security management, XML-based security configuration, management 
GUIs 



2 Access Control Models and Mechanisms: Induced role hierarchies with
attribute-based RBAC

Mohammad A. Al-Kahtani, Ravi Sandhu 

June 2003 Proceedings of the eighth ACM symposium on Access control models and 
technologies 

Publisher: ACM Press 


The Role-Based Access Control (RBAC) model is traditionally used to manually assign 
users to appropriate roles. When the service-providing enterprise has a massive customer 
base, assigning users to roles ought to be automated. RB-RBAC (Rule-Based RBAC) 
provides the mechanism to dynamically assign users to roles based on a finite set of 
authorization rules defined by the enterprise's security policy. These rules may have 
seniority relation among them, which induces a roles hierarchy. The main con ... 

Keywords: RBAC, access control, attributes, authorization rules, roles, roles hierarchies 



3 Model driven security: From UML models to access control infrastructures
David Basin, Jurgen Doser, Torsten Lodderstedt 

January 2006 ACM Transactions on Software Engineering and Methodology (TOSEM),
Volume 15 Issue 1
Publisher: ACM Press 

We present a new approach to building secure systems. In our approach, which we call 
Model Driven Security, designers specify system models along with their security
requirements and use tools to automatically generate system architectures from the 
models, including complete, configured access control infrastructures. Rather than fixing 
one particular modeling language for this process, we propose a general schema for 
constructing such languages that combines languages for modeling systems with ... 

Keywords: Model Driven Architecture, Object Constraint Language, Role-Based Access 
Control, Unified Modeling Language, metamodeling, security engineering 



4 A rule-based framework for role-based delegation and revocation
Longhua Zhang, Gail-Joon Ahn, Bei-Tseng Chu 

August 2003 ACM Transactions on Information and System Security (TISSEC),
Volume 6 Issue 3
Publisher: ACM Press 


Delegation is the process whereby an active entity in a distributed environment authorizes 
another entity to access resources. In today's distributed systems, a user often needs to 
act on another user's behalf with some subset of his/her rights. Most systems have 
attempted to resolve such delegation requirements with ad-hoc mechanisms by 
compromising existing disorganized policies or simply attaching additional components to 
their applications. Still, there is a strong need in the large, distrib ... 

Keywords: Role, access control, delegation, revocation, rule-based 



5 Workshop papers: How secure is AOP and what can we do about it?
Bart De Win, Frank Piessens, Wouter Joosen

May 2006 Proceedings of the 2006 international workshop on Software engineering
for secure systems SESS '06

Publisher: ACM Press 


From a software engineering perspective, using Aspect-Oriented Programming (AOP) to
build secure software has clear advantages. Until recently, the security perspective of this 
approach has been given less attention, however. This paper analyses the security risks in 
using AOP to develop secure software and discusses one particular solution to some of the 
identified risks, an aspect permission system. This permission system is one part of an 
overall AOP-based development platform for secure soft ... 

Keywords: AOP, permission system, risks, security 



6 Role-based access control in Java 
Luigi Giuri

October 1998 Proceedings of the third ACM workshop on Role-based access control
Publisher: ACM Press 




7 Applications: YouServ: a web-hosting and content sharing tool for the masses 

Roberto J. Bayardo Jr., Rakesh Agrawal, Daniel Gruhl, Amit Somani

May 2002 Proceedings of the 11th international conference on World Wide Web

Publisher: ACM Press 

YouServ is a system that allows its users to pool existing desktop computing resources for 
high availability web hosting and file sharing. By exploiting standard web and internet 
protocols (e.g. HTTP and DNS), YouServ does not require those who access YouServ- 
published content to install special purpose software. Because it requires minimal server- 
side resources and administration, YouServ can be provided at a very low cost. We 
describe the design, implementation, and a successful intrane ... 

Keywords: decentralized systems, p2p, peer-to-peer networks, web hosting 



8 Programming languages for mobile code
A. Tommy Thorn

September 1997 ACM Computing Surveys (CSUR), Volume 29 Issue 3
Publisher: ACM Press 


Sun's announcement of the programming language Java more than anything popularized
the notion of mobile code, that is, programs traveling on a heterogeneous network and 
automatically executing upon arrival at the destination. We describe several classes of 
mobile code and extract their common characteristics, where security proves to be one of 
the major concerns. With these characteristics as reference points, we examine six 
representative languages proposed for mobile code. The conclusion ... 

Keywords: Java, Limbo, Objective Caml, Obliq, Safe-Tcl, distribution, formal methods,
mobile code, network programming, object orientation, portability, safety, security, 
telescript 



9 Security architecture for component-based operating systems 

Trent Jaeger, Jochen Liedtke, Vsevolod Panteleenko, Yoonho Park, Nayeem Islam 
September 1998 Proceedings of the 8th ACM SIGOPS European workshop on Support
for composing distributed applications
Publisher: ACM Press 





10 Flexible control of downloaded executable content
Trent Jaeger, Atul Prakash, Jochen Liedtke, Nayeem Islam

May 1999 ACM Transactions on Information and System Security (TISSEC),
Volume 2 Issue 2
Publisher: ACM Press 


We present a security architecture that enables system and application access control
requirements to be enforced on applications composed from downloaded executable 
content. Downloaded executable content consists of messages downloaded from remote 
hosts that contain executables that run, upon receipt, on the downloading principal's 
machine. Unless restricted, this content can perform malicious actions, including 
accessing its downloading principal's private data and sending messages on th ... 

Keywords: access control models, authentication, authorization mechanisms, collaborative
systems, role-based access control



11 Role-based access control on the Web using Java
Luigi Giuri 

October 1999 Proceedings of the fourth ACM workshop on Role-based access control 
Publisher: ACM Press 





12 Access rights analysis for Java
Larry Koved, Marco Pistoia, Aaron Kershenbaum 

November 2002 ACM SIGPLAN Notices, Proceedings of the 17th ACM SIGPLAN
conference on Object-oriented programming, systems, languages,
and applications OOPSLA '02, Volume 37 Issue 11
Publisher: ACM Press 


Java 2 has a security architecture that protects systems from unauthorized access by
mobile or statically configured code. The problem is in manually determining the set of
security access rights required to execute a library or application. The commonly used 
strategy is to execute the code, note authorization failures, allocate additional access 
rights, and test again. This process iterates until the code successfully runs for the test 
cases in hand. Test cases usually do not cover all paths th ... 

Keywords: Java security, access rights, call graph, data flow analysis, invocation graph,
security



13 A taxonomy of computer program security flaws
Carl E. Landwehr, Alan R. Bull, John P. McDermott, William S. Choi
September 1994 ACM Computing Surveys (CSUR), Volume 26 Issue 3

Publisher: ACM Press 


An organized record of actual flaws can be useful to computer system designers, 
programmers, analysts, administrators, and users. This survey provides a taxonomy for 
computer program security flaws, with an Appendix that documents 50 actual security 
flaws. These flaws have all been described previously in the open literature, but in widely 
separated places. For those new to the field of computer security, they provide a good 
introduction to the characteristics of security flaws and how they ... 

Keywords: error/defect classification, security flaw, taxonomy 



14 Protecting privacy using the decentralized label model 
Andrew C. Myers, Barbara Liskov

October 2000 ACM Transactions on Software Engineering and Methodology (TOSEM),
Volume 9 Issue 4
Publisher: ACM Press 


Stronger protection is needed for the confidentiality and integrity of data, because 
programs containing untrusted code are the rule rather than the exception. Information 
flow control allows the enforcement of end-to-end security policies, but has been difficult
to put into practice. This article describes the decentralized label model, a new label 
model for control of information flow in systems with mutual distrust and decentralized 
authority. The model improves on existing multilevel s ... 

Keywords: confidentiality, declassification, downgrading, end-to-end, information flow 
controls, integrity, lattice, policies, principals, roles, type checking 



15 Role Engineering: A scenario-driven role engineering process for functional RBAC
roles

Gustaf Neumann, Mark Strembeck 

June 2002 Proceedings of the seventh ACM symposium on Access control models and 
technologies 

Publisher: ACM Press 


In this paper we present a novel scenario-driven role engineering process for RBAC roles. 
The scenario concept is of central significance for the presented approach. Due to the 
strong human factor in role engineering scenarios are a good means to drive the process.
We use scenarios to derive permissions and to define tasks. Our approach considers 
changeability issues and enables the straightforward incorporation of changes into 
affected models. Finally we discuss the experiences we gained by app ... 

Keywords: role engineering, role-based access control, scenarios 



16 Improving the granularity of access control for Windows 2000
Michael M. Swift, Anne Hopkins, Peter Brundrett, Cliff Van Dyke, Praerit Garg, Shannon 
Chan, Mario Goertzel, Gregory Jensenworth 

November 2002 ACM Transactions on Information and System Security (TISSEC),
Volume 5 Issue 4
Publisher: ACM Press 


This article presents the mechanisms in Windows 2000 that enable fine-grained and
centrally managed access control for both operating system components and applications. 
These features were added during the transition from Windows NT 4.0 to support the 
Active Directory, a new feature in Windows 2000, and to protect computers connected to 
the Internet. While the access control mechanisms in Windows NT are suitable for file 
systems and applications with simple requirements, they fall short of the ... 

Keywords: Access control lists, Microsoft Windows 2000, Windows NT, active directory 



17 Migrating to role-based access control
Kami Brooks 

October 1999 Proceedings of the fourth ACM workshop on Role-based access control 
Publisher: ACM Press 





Keywords: Tivoli Management Environment, enterprise systems management, migration, 
role-based access control, security management 



18 RBAC for Collaborative Environments: Model driven security for process-oriented
systems

David Basin, Jurgen Doser, Torsten Lodderstedt

June 2003 Proceedings of the eighth ACM symposium on Access control models and
technologies
Publisher: ACM Press 


Model Driven Architecture is an approach to increasing the quality of complex software 
systems based on creating high-level system models and automatically generating system 
architectures from the models. We show how this paradigm can be specialized to what we 
call Model Driven Security. In our specialization, a designer builds a system model along 
with security requirements, and automatically generates from this a complete, configured 
security infrastructure. We propose a modular approach to con ... 

Keywords: RBAC, UML, metamodeling, model driven architecture, security engineering 



19 Mobile agent security based on payment
Michael Sonntag, Rudolf Hormanseder 

October 2000 ACM SIGOPS Operating Systems Review, Volume 34 issue 4 
Publisher: ACM Press 


Mobile agents are autonomous entities that handle tasks for their owner. Agents act on 
their own by reacting to changes and by planning their course of action. These agents can 
move from one server to another. In the future, agents will also be supplied with real 
money in some form to pay for resources or services. In this paper we discuss a dynamic 
security architecture, in which permissions are assigned in exchange for information 
(money). The decision as to which permissions are available, as ... 

20 Access Control: Design and implementation of a flexible RBAC-service in an
object-oriented scripting language

Gustaf Neumann, Mark Strembeck

November 2001 Proceedings of the 8th ACM conference on Computer and
Communications Security
Publisher: ACM Press 


In this paper we present the design and implementation of the xorbac component that 
provides a flexible RBAC service. The xorbac implementation conforms to level 4a of the
unified NIST model for RBAC and can be reused for arbitrary applications on Unix or
Windows with a C or Tcl linkage. xorbac runtime elements can be serialized and recreated
from RDF data models conforming to a well-defined RDF schema. Furthermore we present 
our experiences with xorbac for t ... 

Keywords: XOTcl, mobile code, object-orientation, role-based access control, scripting 
language, web-applications 